Share This Page

Hi all, i am new in the community, and i am a developer. I know C++, F#, Java and HTML languages.
I am a project in my mind, but i don't know how to do this real.
I know that with the devkit we can do homebrews for the nintendo DS. Than, i also know that "updates" for flashcards like R4i-Ultra, are only "spoofers" of other games, all is to spoof the flashcard as a game. If we edit the .nds file of the flashcard, we'll be able, with the properly utilities, to make our custom updates! If we can do this, I'll do a C++ tool to auto-generate an update for our flashcards, able to do for newbies!
Who and what i need to continue this project:
1) A developer/programmer that knows the devkit DS language/an utility to edit directly .nds files
2) A tool to edit .NDS files and if possible the source code
3) A person or a team who can find the game to spoof with for the last 3DS firmware, and his gameID.
4) A lot, and a lot of testers, i don't have all flashcards XD
With those things, we'll make customs updates, and we'll be able to update our flashcards without the official release, which comes after the releasing of new firmware...
PS: If the section is wrong, send me a pm which notifies me where is moved the topic
Thanks,
StunterMan

A flashcart doesn't just hold a .nds file in the microSD card that is directly loaded up, the spoofing information is stored in the firmware of the flashcart itself. It's not as easily accessible as I'm imaging you imagine.

@Terminator02, yeah, i know, but you may have forgotten that this .nds file "writes" this "spoof" on the flash of flashcard And i don't want to re-write all the code of the .NDS file, i only want to change the "spoof" informations, such as name, image and gameID
The thing is possible, if we want. As the Catboy wrote, if Acekard community did it, we can do it.

I think you might have misunderstood me.
Right now the Acekard 2i has pretty much run out of firmware updates and now it appears to no longer be able to update for the 3DS updates.
What I was saying was pretty much if this were possible, the most likely someone in the Acekard community would have done it first, but sadly it appears not to be possible and no one in the community has done it.

An incorrectly-written update means a non-bootable cart, which is probably why nobody's messed with it much.

In addition the updates are per-cart, as the various carts use various control chips and such... so you'd need to figure out the firmware layout individually for each cart, and even for the different hardware revisions (as they need different update files).

NDS files are binary copies of the same filesystem used for the game ROMs, this also means that the executable code is compiled too (ARM9.bin and ARM7.bin). As far as I know, source is not available for ANY Cart's firmware.

Also a lot of the time carts stop updating because the 3DS is looking for more info to confirm, and the cart's simply can't store that much. This was the case with the AK2i HW44 (confirmed by AKAIO team), and is likely the case for all the other flash carts who have older DSi models that can't handle the latest updates... so even if you could modify the data, you can't fit everything that the recent 3DS updates are requesting.

@Terminator02, yeah, i know, but you may have forgotten that this .nds file "writes" this "spoof" on the flash of flashcard And i don't want to re-write all the code of the .NDS file, i only want to change the "spoof" informations, such as name, image and gameID
The thing is possible, if we want. As the Catboy wrote, if Acekard community did it, we can do it.

Click to expand...

This master .nds file that writes to the flash on the flashcart doesn't exist (at least not publicly), the necessary information for spoofing is already on the flashcart. The only way I see this being possible is if you can find a way to read and edit that information already on the flashcart, figure out Nintendo's anti-piracy methodology, and then find a way around it.

Catboy was saying that it's most likely not possible because the Acekard community has not done it yet.

Sorry, i didn't understand The Catboy's post >.< I am italian aahahha Sorry for my bad english.. than, can we contact the teams of cards and ask for the source? I know that they won't send we the code... but in other words if they can update to the last version, they can sell more cards, because people find flashcards compatible.. I don't know, but we can try.
I know that the update files uses an other file on the flash, but they only contain a little program wich sends commands to the program written on the flash and images/other files contained on a normal .NDS file..
If an update is only 300-700kb it can't contain big files.. but if it contain only executable code, it'll be only 16-20kb... Than if it contains the base-operations to do, icon and gameID, we can only edit those files, this is my objective. I don't need to change the executable code.. i knew that there was a program which makes you explore the .nds file. It is used to do Pokemon hack roms, and other games hack roms, i don't renember the name. We can try with this program.

It's not just the icon and game ID anymore. Multiple carts have been blocked and then updated while keeping the same icon and ID, while other carts like the DSTwo can update without editing their internal flash at all (they're reading data off the MicroSD on boot).

It's not just the icon and game ID anymore. Multiple carts have been blocked and then updated while keeping the same icon and ID, while other carts like the DSTwo can update without editing their internal flash at all (they're reading data off the MicroSD on boot).

Click to expand...

That's only true for the DSi, it requires an update to the flash for 3DS compatibility updates.

The DS uses two processors, the ARM7 (generally used for sound, wifi, and saving), and the ARM9, which runs the main program. The binaries for these are ARM7.bin and ARM9.bin, and when you extract a ROM you should be able to get at those binaries and all the other included resources. Like I said, DS ROMs use a filesystem (unlike earlier systems that used raw data and just tried to make sure they were referencing the right areas).

Also, I just remembered that a few ROM release groups have dumped some flash carts, I know they dumped the AK2i firmware, but don't remember which other carts... it was only a few so I don't know if it'd be useful.
EDIT: As in, they dumped the data that's stored on a cart itself.

Thanks Guys! I'm studying the composition of an update. I found the files, they are: rom.nds, fat.bin, fnt.bin, arm7.bin and arm9.bin. Now i'm trying to extract rom.nds and analyze it. Probably i found the real "update" which is written by the flashcard

The DS uses two processors, the ARM7 (generally used for sound, wifi, and saving), and the ARM9, which runs the main program. The binaries for these are ARM7.bin and ARM9.bin, and when you extract a ROM you should be able to get at those binaries and all the other included resources. Like I said, DS ROMs use a filesystem (unlike earlier systems that used raw data and just tried to make sure they were referencing the right areas).

Also, I just remembered that a few ROM release groups have dumped some flash carts, I know they dumped the AK2i firmware, but don't remember which other carts... it was only a few so I don't know if it'd be useful.
EDIT: As in, they dumped the data that's stored on a cart itself.

Click to expand...

the DSTwo early on had its internal data dumped also

heres the list of dumped internals from cards that can be used for bad things

I don't need Values like those.. i need only to know how to find the values for image, text and gameID. Than, we can do the procedure for making an hack rom and change image and gameID with a game already existing.. it should work.. i don't know if the update writes also a firmware, but it seems to write only image and text. The updating process is of about 30-50sec. and if it had to flash also the firmware it had to do the process into 1-2 minutes and the file of 3-4MB..
Even, i need a little group of people.. we'll have to make a "list" of hex values to "where is the image" or the text, and we'll make a list. With this list we'll try the hard part.. to change values (icon and text)..after tihs is done, we need a tester... but i know that anyone wants to do this job. Than, i wanted to test updates directly on an emulator.. is it possible to emulate an r4-ak2 just with the flashcard dump?

Dude, he was giving you info about the dumps of the data on the carts. If you look at that data, you can try to determine what is written and where it's written...

Also, what's your reason for doing this? If it's just to get a custom icon for use on the DS/Lite (and older DSi/3DS updates)... uh, have fun? It's been considered and requested (before people at large were aware of how the DSi/3DS protection works), but nobody's willing to put forth all the effort.

However if you're trying to update older carts for the 3DS, you're not going to have much luck. The problem is often the lack of storage space. The AK2i HW44 didn't have enough space to update past an earlier update, and the HW88 ran out of space eventually too, as the 3DS wanted more and more data. If the 3DS wants more data than the cart can actually store, the cart's fucked. This is why other carts (such as the DSTwo) are more complex and can pull the non-header data from the MicroSD, but earlier carts only needed to fake a smaller bit of data, and so didn't include much storage space.

And it's not just the AK2i. The R4i Gold, for example, has multiple hardware revisions too, and only the newer ones work for newer updates. The same can be seen for lots of other carts.

And this is all assuming the carts don't encrypt anything, which they do. We're not sure exactly what's encrypted and what's not (it varies by carts), but the update launcher and firmware updates (and even game launching softwares for carts) are often encrypted to prevent clones from just copying the updates (as happens often anyways, look at the Ace3DS cart using an older hacked Wood)... some carts even put out new hardware revisions to stop other companies from copying stuff (M3i-Zero model GMP-003 as an example).

The amount of time you spend on this could instead be spend at work, and you'd be able to buy a new cart, and that would actually be successful.

Normmatt, who was a main developer for AKAIO (the Acekard's main software) and also worked on Desmume, confirmed here that the data written for the AK2i is encrypted and hasn't been broken. Given that the method the Ak2i uses (which was one of the first DSi-bootable carts) is the same method almost every other flash cart uses (and they implement the same sort of securities), I'll stress again that this is going to be a huge amount of effort for relatively little gain.

This may or may not be useful info. Has anyone tried to use Tinke to extra the rom.nds from R41Gold 4.5.0-10 update and inject / replace it into an other update like the Ace3DS update and then run it and see what happens.

Also an easy way to find the new update data in the .bin and rom.nds files contained in these updates, MIGHT be (don't quote me on this), is to run a comparison... example. take the R4iGold 4.4.0 update extract the files rom.nds, arm7.bin and arm9.bin and compare it to a 4.3.0 update and record the data and locations of the changes between the 2 sets. these would then be the new update data.